Property is not omitted when "null" returned from lookup()

AntonChernysh commented 4 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

terraform 0.12.20 provider 1.44.0 (also tested 1.43.0)

Affected Resource(s)

site_config block in:

azurerm_app_service
azurerm_function_app

Terraform Configuration Files

module:

resource "azurerm_app_service" "app_svc" {
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id

  app_settings = var.app_settings
  dynamic "connection_string" {
    for_each = var.connection_strings
    content {
      name  = connection_string.value.name
      type  = connection_string.value.type
      value = connection_string.value.value
    }
  }

  identity {
    type = "SystemAssigned"
  }

  # site_config = var.site_config
  dynamic "site_config" {
    for_each = [var.site_config]
    content {
      always_on                 = lookup(site_config.value, "always_on", false)
      app_command_line          = lookup(site_config.value, "app_command_line", null)
      auto_swap_slot_name       = lookup(site_config.value, "auto_swap_slot_name", null)
      default_documents         = lookup(site_config.value, "default_documents", null)
      dotnet_framework_version  = lookup(site_config.value, "dotnet_framework_version", null)
      ftps_state                = lookup(site_config.value, "ftps_state", null)
      http2_enabled             = lookup(site_config.value, "http2_enabled", null)
      ip_restriction            = lookup(site_config.value, "ip_restriction", null)
      java_container            = lookup(site_config.value, "java_container", null)
      java_container_version    = lookup(site_config.value, "java_container_version", null)
      java_version              = lookup(site_config.value, "java_version", null)
      linux_fx_version          = lookup(site_config.value, "linux_fx_version", null)
      local_mysql_enabled       = lookup(site_config.value, "local_mysql_enabled", null)
      managed_pipeline_mode     = lookup(site_config.value, "managed_pipeline_mode", null)
      min_tls_version           = lookup(site_config.value, "min_tls_version", null)
      php_version               = lookup(site_config.value, "php_version", null)
      python_version            = lookup(site_config.value, "python_version", null)
      remote_debugging_enabled  = lookup(site_config.value, "remote_debugging_enabled", null)
      remote_debugging_version  = lookup(site_config.value, "remote_debugging_version", null)
      scm_type                  = lookup(site_config.value, "scm_type", null)
      use_32_bit_worker_process = lookup(site_config.value, "use_32_bit_worker_process", null)
      virtual_network_name      = lookup(site_config.value, "virtual_network_name", null)
      websockets_enabled        = lookup(site_config.value, "websockets_enabled", null)
      windows_fx_version        = lookup(site_config.value, "windows_fx_version", null)

      # dynamic "cors" {
      #   for_each = lookup(site_config.value, "cors", [])
      #   content {
      #     allowed_origins     = cors.value.allowed_origins
      #     support_credentials = lookup(cors.value, "support_credentials", null)
      #   }
      # }
    }
  }
}

module invocation

module "some_app_service" {
  source              = "../modules/app-svc"
  name                = "this-is-my-app-name"
  location            = "westus"
  resource_group_name = "test-rg"
  app_service_plan_id = var.app_service_plan_id

  site_config = {
    use_32_bit_worker_process = true
    always_on                 = true
    ftps_state                = "Disabled"
    websockets_enabled        = true
  }

  app_settings = {
    "test" = "1"
  }

  connection_strings      = []
}

site_config variable:

variable "site_config" {
  type        = map
  description = "Site config block. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html for references."
  default     = {}
}

Debug Output

Panic Output

Expected Behavior

The following properties should be ignored and terraform should not validate their format when not passed to module: ip_restriction default_documents always_on Also applies to dynamic cors block (commented out in code sample)

Actual Behavior

terraform init: pass
terraform validate: pass

terraform plan: failure


Error: Incorrect attribute value type

on ../modules/app-svc/main.tf line 32, in resource "azurerm_app_service" "app_svc":
32:       ip_restriction            = lookup(site_config.value, "ip_restriction", null)

Inappropriate value for attribute "ip_restriction": list of object required.


Terraform is not omitting property when "null" returned from lookup() like this: `ip_restriction            = lookup(site_config.value, "ip_restriction", null)` 
This construction works fine for all string properties and not for this particular property that expects a list of objects.
This property successfully ignored when it's value set to "null" (without lookup construction).

### Steps to Reproduce

<!--- Please list the steps required to reproduce the issue. --->

1. `terraform plan` or `terraform apply`

### Important Factoids

<!--- Are there anything atypical about your accounts that we should know? For example: Running in a Azure China/Germany/Government? --->

### References

* https://github.com/hashicorp/terraform/issues/21702 (could be)

AntonChernysh commented 4 years ago

it works now in Azurerm provider 2.0.0 when changing variable type to list, like this:

variable "site_config" {
  type        = list
  description = "Site config block. See https://www.terraform.io/docs/providers/azurerm/r/app_service.html for references."
  default     = []
}

module invocation is updated too:

    use_32_bit_worker_process = true
    always_on                 = true
    ftps_state                = "Disabled"
    websockets_enabled        = true
  }]

and for_each updated as well: for_each = var.site_config

Terraform crashes on plan with exactly the same setup, so it doesn't work in 1.44.0:

Error: rpc error: code = Unavailable desc = transport is closing

panic: interface conversion: interface {} is nil, not map[string]interface {}
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: goroutine 14 [running]:
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/provider.expandFeatures(0xc000ca6de0, 0x1, 0x1, 0x44311a0)
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/provider/features.go:54 +0x2f4
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/provider.providerConfigure.func1(0xc00061a620, 0x0, 0xc000da5ea0, 0xc00061a620, 0x0)
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/provider/provider.go:253 +0x9ab
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Provider).Configure(0xc0008d1280, 0xc000c441e0, 0x4543000, 0xc000c44060)
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema/provider.go:275 +0xf6
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).Configure(0xc0000c0920, 0x52b83c0, 0xc000c36f90, 0xc000b7f1c0, 0xc0000c0920, 0xc000c36f90, 0xc000baabd0)
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin/grpc_provider.go:487 +0x2e6
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_Configure_Handler(0x48cdfa0, 0xc0000c0920, 0x52b83c0, 0xc000c36f90, 0xc000af81e0, 0x0, 0x52b83c0, 0xc000c36f90, 0xc000c064e0, 0x187)
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5/tfplugin5.pb.go:3135 +0x23e
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: google.golang.org/grpc.(*Server).processUnaryRPC(0xc0003e0420, 0x530fb40, 0xc00054e780, 0xc00079fa00, 0xc0009b4780, 0x86a9838, 0x0, 0x0, 0x0)
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/google.golang.org/grpc/server.go:995 +0x466
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: google.golang.org/grpc.(*Server).handleStream(0xc0003e0420, 0x530fb40, 0xc00054e780, 0xc00079fa00, 0x0)
2020-02-25T14:27:34.727+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/google.golang.org/grpc/server.go:1275 +0xda6
2020-02-25T14:27:34.728+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc000598070, 0xc0003e0420, 0x530fb40, 0xc00054e780, 0xc00079fa00)
2020-02-25T14:27:34.728+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/google.golang.org/grpc/server.go:710 +0x9f
2020-02-25T14:27:34.728+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4: created by google.golang.org/grpc.(*Server).serveStreams.func1
2020-02-25T14:27:34.728+0200 [DEBUG] plugin.terraform-provider-azurerm_v1.44.0_x4:  /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/google.golang.org/grpc/server.go:708 +0xa1
2020/02/25 14:27:34 [ERROR] <root>: eval: *terraform.EvalConfigProvider, err: rpc error: code = Unavailable desc = transport is closing
2020/02/25 14:27:34 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/02/25 14:27:34 [ERROR] <root>: eval: *terraform.EvalOpFilter, err: rpc error: code = Unavailable desc = transport is closing
2020/02/25 14:27:34 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/02/25 14:27:34 [TRACE] [walkRefresh] Exiting eval tree: provider.azurerm
2020/02/25 14:27:34 [TRACE] vertex "provider.azurerm": visit complete
2020/02/25 14:27:34 [TRACE] dag/walk: upstream of "module.static_rg.data.azurerm_key_vault.akv" errored, so skipping
2020/02/25 14:27:34 [TRACE] dag/walk: upstream of "module.akv.data.azurerm_client_config.current" errored, so skipping
2020/02/25 14:27:34 [TRACE] dag/walk: upstream of "module.appsvc_plan.data.azurerm_key_vault.akv" errored, so skipping
2020/02/25 14:27:34 [TRACE] dag/walk: upstream of "module.mgmt_app_service.data.azurerm_key_vault.akv" errored, so skipping
2020/02/25 14:27:34 [TRACE] dag/walk: upstream of "provider.azurerm (close)" errored, so skipping
2020/02/25 14:27:34 [TRACE] dag/walk: upstream of "root" errored, so skipping
2020-02-25T14:27:34.730+0200 [DEBUG] plugin: plugin process exited: path=/Users/acherny/temptf/tf1/.terraform/plugins/darwin_amd64/terraform-provider-azurerm_v1.44.0_x4 pid=76020 error="exit status 2"
2020/02/25 14:27:34 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info
2020/02/25 14:27:34 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate using fcntl flock
2020-02-25T14:27:34.730+0200 [DEBUG] plugin: plugin exited

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

tombuildsstuff commented 4 years ago

hi @AntonChernysh

Thanks for opening this issue - apologies for the delayed response here!

Taking a look through here as you've mentioned this appears to be an instance of https://github.com/hashicorp/terraform/issues/21702 - rather than something specific to the Azure Provider - and as such I'm going to close this in favour of that issue - however I believe that you should be able to work around this by specifying an empty list rather than null here however (e.g. []).

Thanks!

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

hashicorp / terraform-provider-azurerm